Ansible 202 (because i hate odd numbers) 

$whoami ● DevOps Engineer @ Jampp ● Whisky enthusiast ● Amateur golfer @sebamontini 

$whoami ● DevOps Engineer @ Jampp ● Whisky enthusiast ● Amateur golfer @sebamontini 

What is Ansible? Ansible is a very simple (yet powerful) automation engine. ● Simple: Ansible uses a clear (readable) YAML sintax. ● Fast: easy to learn, easy to setup. ● Efficient: No agent on you servers. ● Secure: No open ports on your firewalls (SSH). @sebamontini 

Glosary Inventory: Lists of Hosts, Variables and Groups. Modules: The units of work that Ansible ships out to remote hosts. Facts: Things that are discovered about remote nodes. Playbooks: List of plays (mapping of hosts and tasks). Tasks: set of actions (module+args) to be executed. @sebamontini 

Playbooks @sebamontini 

Playbooks @sebamontini 

Tags @sebamontini --- tasks: - yum: name={{ item }} state=installed with_items: - httpd - memcached tags: - packages - template: src=templates/src.j2 dest=/etc/foo.conf tags: - config - deploy $ansible-playbook myapp.yml --tags config,deploy 

Tags @sebamontini --- tasks: - yum: name={{ item }} state=installed with_items: - httpd - memcached tags: - packages - template: src=templates/src.j2 dest=/etc/foo.conf tags: - config - deploy $ansible-playbook myapp.yml --tags config,deploy 

Roles @sebamontini roles/ myRole/ # this hierarchy represents a "role" tasks/ # install.yml configs.yml code.yml main.yml # <-- tasks file can include smaller files if warranted handlers/ # main.yml # <-- handlers file templates/ # <-- files for use with the template resource ntp.conf.j2 # <------- templates end in .j2 vars/ # main.yml # <-- variables associated with this role defaults/ # main.yml # <-- default lower priority variables for this role meta/ # main.yml # <-- role dependencies 

Ansible Galaxy @sebamontini $ansible-galaxy install -r requirements.yml --- - src: torian.python name: python path: roles-galaxy/ version: 1.0.0 - src: bennojoy.memcached name: memcached path: roles-galaxy - src: https://github.com/torian/ansible-role-phantomjs name: phantomjs path: roles-galaxy/ 

ansible.cfg [defaults] inventory = inventory/ec2.py roles_path = roles:roles-galaxy retry_files_enabled = True retry_files_save_path = .ansible-retry $ansible-playbook -l @.retry @sebamontini 

Shell vs Command ● With the Command module the command will be executed without being proceeded through a shell. As a consequence some variables like $HOME are not available. And also stream operations like <, >, | and & will not work. ● The Shell module runs a command through a shell, by default /bin/sh. This can be changed with the option executable. Piping and redirection are here therefor available. ● The command module is more secure, because it will not be affected by the user’s environment. @sebamontini 

Variables’ precedence ● role/defaults.yml ● variables defined in inventory (eg: tag group_vars) ● facts ● Plays vars ● role vars ● included vars ● task vars (only for the task) ● extra vars (-e in the command line) always win @sebamontini 

ansible-vault Vault is a feature of ansible that allows keeping sensitive data such as passwords or keys in encrypted files. roles/aliens ├── tasks │ └── main.yml └── vars └── spoilers.yml $ ansible-playbook playbooks/movies.yml --vault-password-file ~/.vault_pass.txt @sebamontini --- - include_vars: spoilers.yml - name: Put the spoiler in the tmp directory. copy: content="{{spoiler_text}}" dest=/tmp/spoiler_text.txt $ ansible-vault encrypt roles/aliens/vars/spoilers.yml --vault-password-file ~/.vault_pass.txt $cat playbooks/movies.yml --- - hosts: all roles: - { role: aliens } 

We’re hiring ! http://jampp.com/jobs.php @sebamontini 

Thanks [email protected] @sebamontini github.com/sebamontini